alsa-2026:10767
Vulnerability from osv_almalinux
Published
2026-04-27 00:00
Modified
2026-04-29 08:55
Summary
Important: firefox security update
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
- firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772)
- firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754)
- firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component (CVE-2026-6762)
- firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752)
- firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770)
- firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757)
- firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767)
- firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6786)
- firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753)
- firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759)
- firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747)
- firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component (CVE-2026-6749)
- firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766)
- firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761)
- firefox: thunderbird: Mitigation bypass in the File Handling component (CVE-2026-6763)
- firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750)
- firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748)
- firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785)
- firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771)
- firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component (CVE-2026-6764)
- firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765)
- firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769)
- firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751)
- firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776)
- firefox: thunderbird: Use-after-free in the DOM: Core & HTML component (CVE-2026-6746)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "firefox"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "140.10.0-1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. \n\nSecurity Fix(es): \n\n * firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772)\n * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754)\n * firefox: thunderbird: Spoofing issue in the DOM: Core \u0026 HTML component (CVE-2026-6762)\n * firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752)\n * firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770)\n * firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757)\n * firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767)\n * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6786)\n * firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753)\n * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759)\n * firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747)\n * firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component (CVE-2026-6749)\n * firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766)\n * firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761)\n * firefox: thunderbird: Mitigation bypass in the File Handling component (CVE-2026-6763)\n * firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750)\n * firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748)\n * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785)\n * firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771)\n * firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component (CVE-2026-6764)\n * firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765)\n * firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769)\n * firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751)\n * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776)\n * firefox: thunderbird: Use-after-free in the DOM: Core \u0026 HTML component (CVE-2026-6746)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:10767",
"modified": "2026-04-29T08:55:20Z",
"published": "2026-04-27T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:10767"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6746"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6747"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6748"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6749"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6750"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6751"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6752"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6753"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6754"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6757"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6759"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6761"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6762"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6763"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6764"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6765"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6766"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6767"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6769"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6770"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6771"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6772"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6776"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6785"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-6786"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460074"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460075"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460076"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460078"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460079"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460085"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460086"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460088"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460092"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460094"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460095"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460096"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460097"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460099"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460101"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460102"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460103"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460104"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460105"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460106"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460107"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460108"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460109"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460110"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2460112"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2026-10767.html"
}
],
"related": [
"CVE-2026-6772",
"CVE-2026-6754",
"CVE-2026-6762",
"CVE-2026-6752",
"CVE-2026-6770",
"CVE-2026-6757",
"CVE-2026-6767",
"CVE-2026-6786",
"CVE-2026-6753",
"CVE-2026-6759",
"CVE-2026-6747",
"CVE-2026-6749",
"CVE-2026-6766",
"CVE-2026-6761",
"CVE-2026-6763",
"CVE-2026-6750",
"CVE-2026-6748",
"CVE-2026-6785",
"CVE-2026-6771",
"CVE-2026-6764",
"CVE-2026-6765",
"CVE-2026-6769",
"CVE-2026-6751",
"CVE-2026-6776",
"CVE-2026-6746"
],
"summary": "Important: firefox security update"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…